Introduction


Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to 
security incidents. Teams of people in Security Operations Centers (SOCs) keep a vigilant eye on security systems, 
protecting their organizations by detecting and responding to cybersecurity exploits and threats. CyberOps Associate 
prepares candidates to begin a career working as associate-level cybersecurity analysts within security operations 
centers. 


Target Audience 


The CyberOps Associate course is designed for Cisco Networking Academy® students who are seeking career-oriented,
entry-level security analyst skills. Target students include individuals enrolled in technology degree
programs at institutions of higher education and IT professionals who want to pursue a career in the Security
Operations Center (SOC). Learners in this course are exposed to all of the foundational knowledge required to detect,
analyze, and escalate basic cybersecurity threats using common open-source tools. 


Prerequisites 
CyberOps Associate students should have the following skills and knowledge:
- PC and internet navigation skills
- Basic Windows and Linux system concepts
- Basic understanding of computer networks
- Binary and Hexadecimal understanding
- Familiarity with Cisco Packet Tracer


Target Certification 


This course aligns with the Cisco Certified CyberOps Associate (CBROPS) certification. Candidates need to pass the 
200-201 CBROPS exam to achieve the Cisco Certified CyberOps Associate certification. The CBROPS exam tests a 
candidate’s knowledge and skills related to security concepts, security monitoring, host-based analysis, network 
intrusion analysis, and security policies and procedures. 


Course Description 
The course has many features to help students understand these concepts:
- The course is comprised of twenty-eight (28) modules. Each module is comprised of topics.
- Modules emphasize critical thinking, problem solving, collaboration, and the practical application of skills.
- Each module contains some way to practice and assess understanding, such as a lab or a Packet Tracer
  activity. These module-level activities provide feedback and are designed to indicate the learner's mastery of the
  skills needed for the course. Learners can ensure their level of understanding well before taking a graded
  quiz or exam.
- Some topics may contain a Check Your Understanding interactive quiz, or some other way to assess
  understanding, such as a lab or a Packet Tracer. These topic-level assessments are designed to tell
  learners if they have a good grasp of the topic content, or if they need to review before continuing. Learners
  can ensure their level of understanding well before taking a graded quiz or exam. Check Your
  Understanding quizzes do not affect the learner's overall grade.
- Rich multimedia content, including interactive activities, videos, and quizzes, addresses a variety of learning
  styles and helps stimulate learning and increase knowledge retention.
- Virtual environments simulate real-world cybersecurity threat scenarios and create opportunities for security
  monitoring, analysis, and resolution.
- Hands-on labs help students develop critical thinking and complex problem solving skills.
- Innovative assessments provide immediate feedback to support the evaluation of knowledge and acquired
  skills.
- Technical concepts are explained using language that works well for learners at all levels, and embedded
  interactive activities break up reading of the content and help reinforce understanding.
- The curriculum encourages students to consider additional IT education, but also emphasizes applied skills
  and hands-on experience.
- Cisco Packet Tracer activities are designed for use with Packet Tracer 7.3.0 or later.


Course Objectives 


CyberOps Associate v1.0 covers knowledge and skills needed to successfully handle the tasks, duties, and
responsibilities of an associate-level Cybersecurity Analyst working in a Security Operations Center (SOC).

Upon completion of the CyberOps Associate v1.0 course, students will be able to perform the following tasks:
- Install virtual machines to create a safe environment for implementing and analyzing cybersecurity threat
  events.
- Explain the role of the Cybersecurity Operations Analyst in the enterprise.
- Explain the Windows Operating System features and characteristics needed to support cybersecurity
  analyses.
- Explain the features and characteristics of the Linux Operating System.
- Analyze the operation of network protocols and services.
- Explain the operation of the network infrastructure.
- Classify the various types of network attacks.
- Use network monitoring tools to identify attacks against network protocols and services.
- Explain how to prevent malicious access to computer networks, hosts, and data.
- Explain the impacts of cryptography on network security monitoring.
- Explain how to investigate endpoint vulnerabilities and attacks.
- Evaluate network security alerts.
- Analyze network intrusion data to identify compromised hosts.
- Apply incident response models to manage network security incidents.


Lab Equipment Requirements 


This course requires no physical equipment other than the student’s lab PC. It uses several Virtual Machines (VMs) 
to create the lab experience. 


Baseline Equipment Bundle: 


- PCs - minimum system requirements
  - CPU: Intel Pentium 4, 2.53 GHz or equivalent with virtualization support
  - Operating Systems, such as Microsoft Windows, Linux, and Mac OS
  - 64-bit processor
  - RAM: 8 GB
  - Storage: 40 GB of free disk space
  - Display resolution: 1024 x 768
  - Language fonts supporting Unicode encoding (if viewing in languages other than English)
  - Latest video card drivers and operating system updates
- Internet connection for lab and student PCs

Student PC Software:
- Oracle VM VirtualBox Manager (version 6.1 or later)
- CyberOps Workstation VM
  - Downloadable from the Course
  - Requires 1 GB RAM, 20 GB Disk Space
- Security Onion VM
  - Downloadable from the Course
  - Requires 4 GB RAM (minimum), 8 GB RAM (highly recommended), 20 GB Disk Space


CyberOps Associate Outline 


Listed below is the current set of modules and their associated competencies outlined for this course. Each module
is an integrated unit of learning that consists of content, activities and assessments that target a specific set of 
competencies. The size of the module will depend on the depth of knowledge and skill needed to master the 
competency. Some modules are considered foundational, in that the artifacts presented, while not assessed, enable 
learning of concepts that are covered on the CBROPS certification exam. 


Table 1. CyberOps Associate v1.0 Course Outline 


Module/Topics | Goals/Objectives
Module 1. The Danger | Explain why networks and data are attacked.
1.0 Introduction | A brief introduction to the course and the first module.
1.1 War Stories | Outline features of cybersecurity incidents.
1.2 Threat Actors | Explain the motivations of the threat actors behind specific security incidents.
1.3 Threat Impact | Explain the potential impact of network security attacks.
1.4 The Danger Summary | A brief summary and the module quiz.
Module 2. Fighters in the War Against Cybercrime | Explain how to prepare for a career in cybersecurity operations.
2.0 Introduction | An introduction to the module.
2.1 The Modern Security Operations Center | Explain the mission of the security operations center.
2.2 Becoming a Defender | Describe resources available to prepare for a career in cybersecurity operations.
2.3 Fighters in the War Against Cybercrime Summary | A brief summary and the module quiz.
Module 3. The Windows Operating System | Explain the security features of the Windows operating system.
3.0 Introduction | An introduction to the module.
3.1 Windows History | Describe the history of the Windows Operating System.
3.2 Windows Architecture and Operations | Explain the architecture of Windows and its operation.
3.3 Windows Configuration and Monitoring | Explain how to configure and monitor Windows.
3.4 Windows Security | Explain how Windows can be kept secure.
3.5 The Windows Operating System Summary | A brief summary and the module quiz.
Module 4. Linux Overview | Implement basic Linux security.
4.0 Introduction | An introduction to the module.
4.1 Linux Basics | Explain why Linux skills are essential for network security monitoring and investigation.
4.2 Working in the Linux Shell | Use the Linux shell to manipulate text files.
4.3 Linux Servers and Clients | Explain how client-server networks function.
4.4 Basic Server Administration | Explain how a Linux administrator locates and manipulates security log files.
4.5 The Linux File System | Manage the Linux file system and permissions.
4.6 Working with the Linux GUI | Explain the basic components of the Linux GUI.
4.7 Working on a Linux Host | Use tools to detect malware on a Linux host.
4.8 Linux Basics Summary | A brief summary and the module quiz.
Module 5. Network Protocols | Explain how protocols enable network operations.
5.0 Introduction | An introduction to the module.
5.1 Network Communication Process | Explain the basic operations of data networked communications.
5.2 Communication Protocols | Explain how protocols enable network operations.
5.3 Data Encapsulation | Explain how data encapsulation allows data to be transported across the network.
5.4 Network Protocols Summary | A brief summary and the module quiz.
Module 6. Ethernet and Internet Protocol (IP) | Explain how the Ethernet and IP protocols support network communications.
6.0 Introduction | An introduction to the module.
6.1 Ethernet | Explain how Ethernet supports network communication.
6.2 IPv4 | Explain how the IPv4 protocol supports network communications.
6.3 IP Addressing Basics | Explain how IP addresses enable network communication.
6.4 Types of IPv4 Addresses | Explain the types of IPv4 addresses that enable network communication.
6.5 The Default Gateway | Explain how the default gateway enables network communication.
6.6 IPv6 Prefix Length | Explain how the IPv6 protocol supports network communications.
6.7 Ethernet and IP Protocol Summary | A brief summary and the module quiz.
Module 7. Principles of Network Security | Connectivity Verification
7.0 Introduction | An introduction to the module.
7.1 ICMP | Explain how ICMP is used to test network connectivity.
7.2 Ping and Traceroute Utilities | Use Windows tools, ping, and traceroute to verify network connectivity.
7.3 Connectivity Verification Summary | A brief summary and the module quiz.
Module 8. Address Resolution Protocol | Analyze address resolution protocol PDUs on a network.
8.0 Introduction | An introduction to the module.
8.1 MAC and IP | Compare the roles of the MAC address and the IP address.
8.2 ARP | Analyze ARP by examining Ethernet frames.
8.3 ARP Issues | Explain how ARP requests impact network and host performance.
8.4 Address Resolution Protocol Summary | A brief summary and the module quiz.
Module 9. The Transport Layer | Explain how transport layer protocols support network functionality.
9.0 Introduction | An introduction to the module.
9.1 Transport Layer Characteristics | Explain how transport layer protocols support network communication.
9.2 Transport Layer Session Establishment | Explain how the transport layer establishes communication sessions.
9.3 Transport Layer Reliability | Explain how the transport layer establishes reliable communications.
9.4 The Transport Layer Summary | A brief summary and the module quiz.
Module 10. Network Services | Explain how network services enable network functionality.
10.0 Introduction | An introduction to the module.
10.1 DHCP | Explain how DHCP services enable network functionality.
10.2 DNS | Explain how DNS services enable network functionality.
10.3 NAT | Explain how NAT services enable network functionality.
10.4 File Transfer and Sharing Services | Explain how file transfer services enable network functionality.
10.5 Email | Explain how email services enable network functionality.
10.6 HTTP | Explain how HTTP services enable network functionality.
10.7 Network Services Summary | A brief summary and the module quiz.
Module 11. Network Communication Devices | Explain how network devices enable wired and wireless network communication.
11.0 Introduction | An introduction to the module.
11.1 Network Devices | Explain how network devices enable network communication.
11.2 Wireless Communications | Explain how wireless devices enable network communication.
11.3 Network Communication Devices Summary | A brief summary and the module quiz.
Module 12. Network Security Infrastructure | Explain how network devices and services are used to enhance network security.
12.0 Introduction | An introduction to the module.
12.1 Network Topologies | Explain how network designs influence the flow of traffic through the network.
12.2 Security Devices | Explain how specialized devices are used to enhance network security.
12.3 Security Services | Explain how network services enhance network security.
12.4 Network Security Infrastructure Summary | A brief summary of this module.
Module 13. Attackers and Their Tools | Explain how networks are attacked.
13.0 Introduction | An introduction to the module.
13.1 Who is Attacking Our Network? | Explain how network threats have evolved.
13.2 Threat Actor Tools | Describe the various types of attack tools used by Threat Actors.
13.3 Attackers and Their Tools Summary | A brief summary and the module quiz.
Module 14. Common Threats and Attacks | Explain the various types of threats and attacks.
14.0 Introduction | An introduction to the module.
14.1 Malware | Describe types of malware.
14.2 Common Network Attacks — Reconnaissance, Access, and Social Engineering | Explain reconnaissance, access, and social engineering attacks.
14.3 Network Attacks — Denial of Service, Buffer Overflows, and Evasion | Explain denial of service, buffer overflow, and evasion attacks.
14.4 Common Threats and Attacks Summary | A brief summary and the module quiz.
Module 15. Observing Network Operation | Explain network traffic monitoring.
15.0 Introduction | An introduction to the module.
15.1 Introduction to Network Monitoring | Explain the importance of network monitoring.
15.2 Introduction to Network Monitoring Tools | Explain how network monitoring is conducted.
15.3 Network Monitoring and Tools Summary | A brief summary and the module quiz.
Module 16. Attacking the Foundation | Explain how TCP/IP vulnerabilities enable network attacks.
16.0 Introduction | An introduction to the module.
16.1 IP PDU Details | Explain the IPv4 and IPv6 header structure.
16.2 IP Vulnerabilities | Explain how IP vulnerabilities enable network attacks.
16.3 TCP and UDP Vulnerabilities | Explain how TCP and UDP vulnerabilities enable network attacks.
16.4 Attacking the Foundation Summary | A brief summary and the module quiz.
Module 17. Attacking What We Do | Explain how common network applications and services are vulnerable to attack.
17.0 Introduction | An introduction to the module.
17.1 IP Services | Explain IP service vulnerabilities.
17.2 Enterprise Services | Explain how network application vulnerabilities enable network attacks.
17.3 Attacking What We Do Summary | A brief summary and the module quiz.
Module 18. Understanding Defense | Explain approaches to network security defense.
18.0 Introduction | An introduction to the module.
18.1 Defense-in-Depth | Explain how the defense-in-depth strategy is used to protect networks.
18.2 Security Policies, Regulations, and Standards | Explain security policies, regulations, and standards.
18.3 Understanding Defense Summary | A brief summary and the module quiz.
Module 19. Access Control | Explain access control as a method of protecting a network.
19.0 Introduction | An introduction to the module.
19.1 Access Control Concepts | Explain how access control protects network data.
19.2 AAA usage and operation | Explain how AAA is used to control network access.
19.3 Access Control Summary | A brief summary and the module quiz.
Module 20. Threat Intelligence | Use various intelligence sources to locate current security threats.
20.0 Introduction | An introduction to the module.
20.1 Information Sources | Describe information sources used to communicate emerging network security threats.
20.2 Threat Intelligence Services | Describe various threat intelligence services.
20.3 Threat Intelligence Summary | A brief summary and the module quiz.
Module 21. Cryptography | Explain how the public key infrastructure supports network security.
21.0 Introduction | An introduction to the module.
21.1 Integrity and Authenticity | Explain the role of cryptography in ensuring the integrity and authenticity of data.
21.2 Confidentiality | Explain how cryptographic approaches enhance data confidentiality.
21.3 Public Key Cryptography | Explain public key cryptography.
21.4 Authorities and the PKI Trust System | Explain how the public key infrastructure functions.
21.5 Applications and Impacts of Cryptography | Explain how the use of cryptography affects cybersecurity operations.
21.6 Cryptography Summary | A brief summary of this module.
Module 22. Endpoint Protection | Explain how a malware analysis website generates a malware analysis report.
22.0 Introduction | An introduction to the module.
22.1 Antimalware Protection | Explain methods of mitigating malware.
22.2 Host-based Intrusion Prevention | Explain host-based IPS/IDS log entries.
22.3 Application Security | Explain how a sandbox is used to analyze malware.


CyberOps Associate (CA) v1.0 Scope and Sequence


22.4 Endpoint Protection Summary | A brief summary and the module quiz.
Module 23. Endpoint Vulnerability Assessment | Explain how endpoint vulnerabilities are assessed and managed.
23.0 Introduction | An introduction to the module.
23.1 Network and Server Profiling | Explain the value of network and server profiling.
23.2 Common Vulnerability Scoring System (CVSS) | Explain how CVSS reports are used to describe security vulnerabilities.
23.3 Secure Device Management | Explain how secure device management techniques are used to protect data and assets.
23.4 Information Security Management Systems | Explain how information security management systems are used to protect assets.
23.5 Endpoint Vulnerability Assessment Summary | A brief summary and the module quiz.
Module 24. Technologies and Protocols | Explain how security technologies affect security monitoring.
24.0 Introduction | An introduction to the module.
24.1 Monitoring Common Protocols | Explain the behavior of common network protocols in the context of security monitoring.
24.2 Security Technologies | Explain how security technologies affect the ability to monitor common network protocols.
24.3 Technologies and Protocols Summary | A brief summary and the module quiz.
Module 25. Network Security Data | Explain the types of network security data used in security monitoring.
25.0 Introduction | An introduction to the module.
25.1 Types of Security Data | Describe the types of data used in security monitoring.
25.2 End Device Logs | Describe the elements of an end device log file.
25.3 Network Logs | Describe the elements of a network device log file.
25.4 Network Security Data Summary | A brief summary and the module quiz.
Module 26. Evaluating Alerts | Explain the process of evaluating alerts.
26.0 Introduction | An introduction to the module.
26.1 Source of Alerts | Identify the structure of alerts.
26.2 Overview of Alert Evaluation | Explain how alerts are classified.
26.3 Evaluating Alerts Summary | A brief summary and the module quiz.
Module 27. Working with Network Security Data | Interpret data to determine the source of an alert.
27.0 Introduction | An introduction to the module.
27.1 A Common Data Platform | Explain how data is prepared for use in a Network Security Monitoring (NSM) system.
27.2 Investigating Network Data | Use Security Onion tools to investigate network security events.
27.3 Enhancing the Work of the Cybersecurity Analyst | Describe network monitoring tools that enhance workflow management.
27.4 Working with Network Security Data Summary | A brief summary and the module quiz.
Module 28. Digital Forensics and Incident Analysis and Response | Explain how the CyberOps Associate responds to cybersecurity incidents.
28.0 Introduction | An introduction to the module.
28.1 Evidence Handling and Attack Attribution | Explain the role of digital forensic processes.
28.2 The Cyber Kill Chain | Identify the steps in the Cyber Kill Chain.
28.3 The Diamond Model of Intrusion Analysis | Classify an intrusion event using the Diamond Model.
28.4 Incident Response | Apply the NIST 800-61r2 incident handling procedures to a given incident scenario.
28.5 Digital Forensics and Incident Analysis and Response Summary | A brief summary of this module.
28.6 Prepare for Your Exam and Launch Your Career! | Certification preparation, discount vouchers, and other career resources.